Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fix a 16-bit integer overflow that might occur in statements that use both an EXISTS clause and IN operator with a RHS holding in excess of 32K entries. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | branch_3_6_16 |
| Files: | files | file ages | folders |
| SHA1: |
65a1f1334d92873ed0b9f2d9ae3e9052 |
| User & Date: | drh 2009-10-29 18:38:22 |
| Original Comment: | Fix a 16-bit integer overflow that might occur in statements that use both an EXISTS clause and IN operator with a RHS holding in excess of 32K entries. |
References
|
2009-10-30
| ||
| 14:05 | • Fixed ticket [6b00e0a3]: The great OP_If bug plus 3 other changes artifact: a67b11ba user: drh | |
Context
|
2009-10-30
| ||
| 13:26 | Version 3.6.16.1 Leaf check-in: 2a832b19 user: drh tags: release, branch_3_6_16 | |
|
2009-10-29
| ||
| 18:38 | Fix a 16-bit integer overflow that might occur in statements that use both an EXISTS clause and IN operator with a RHS holding in excess of 32K entries. check-in: 65a1f133 user: drh tags: branch_3_6_16 | |
|
2009-06-27
| ||
| 14:10 | Version 3.6.16 (CVS 6829) check-in: ff691a6b user: drh tags: trunk, release | |
Changes
Changes to VERSION.
1 |
3.6.16 |
| |
1 |
3.6.16.1
|
Changes to src/expr.c.
1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 |
VdbeComment((v, "Init EXISTS result"));
}
sqlite3ExprDelete(pParse->db, pSel->pLimit);
pSel->pLimit = sqlite3PExpr(pParse, TK_INTEGER, 0, 0, &one);
if( sqlite3Select(pParse, pSel, &dest) ){
return;
}
pExpr->iColumn = (i16)dest.iParm;
ExprSetIrreducible(pExpr);
break;
}
}
if( testAddr ){
sqlite3VdbeJumpHere(v, testAddr-1);
|
| |
1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 |
VdbeComment((v, "Init EXISTS result"));
}
sqlite3ExprDelete(pParse->db, pSel->pLimit);
pSel->pLimit = sqlite3PExpr(pParse, TK_INTEGER, 0, 0, &one);
if( sqlite3Select(pParse, pSel, &dest) ){
return;
}
pExpr->iColumn = dest.iParm;
ExprSetIrreducible(pExpr);
break;
}
}
if( testAddr ){
sqlite3VdbeJumpHere(v, testAddr-1);
|
Changes to src/sqliteInt.h.
1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 |
/* If the EP_Reduced flag is set in the Expr.flags mask, then no
** space is allocated for the fields below this point. An attempt to
** access them will result in a segfault or malfunction.
*********************************************************************/
int iTable; /* TK_COLUMN: cursor number of table holding column
** TK_REGISTER: register number */
i16 iColumn; /* TK_COLUMN: column index. -1 for rowid */
i16 iAgg; /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
i16 iRightJoinTable; /* If EP_FromJoin, the right table of the join */
u16 flags2; /* Second set of flags. EP2_... */
AggInfo *pAggInfo; /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
Table *pTab; /* Table for TK_COLUMN expressions. */
#if SQLITE_MAX_EXPR_DEPTH>0
int nHeight; /* Height of the tree headed by this node */
|
| |
1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 |
/* If the EP_Reduced flag is set in the Expr.flags mask, then no
** space is allocated for the fields below this point. An attempt to
** access them will result in a segfault or malfunction.
*********************************************************************/
int iTable; /* TK_COLUMN: cursor number of table holding column
** TK_REGISTER: register number */
int iColumn; /* TK_COLUMN: column index. -1 for rowid */
i16 iAgg; /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
i16 iRightJoinTable; /* If EP_FromJoin, the right table of the join */
u16 flags2; /* Second set of flags. EP2_... */
AggInfo *pAggInfo; /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
Table *pTab; /* Table for TK_COLUMN expressions. */
#if SQLITE_MAX_EXPR_DEPTH>0
int nHeight; /* Height of the tree headed by this node */
|